Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
classroomio
16020.2%CRITICAL

Related CVEs

6
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-67298An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profileHIGH8.112.2%Mar 11, 2026
CVE-2025-65670An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.MEDIUM4.315.3%Nov 26, 2025
CVE-2025-65676Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.MEDIUM5.414.2%Nov 26, 2025
CVE-2025-65675Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.MEDIUM5.414.2%Nov 26, 2025
CVE-2025-65672Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.HIGH7.525.8%Nov 26, 2025
CVE-2025-65669An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.CRITICAL9.139.4%Nov 26, 2025